More Goto tech episodes

State of the Art of Container Security Adrian Mouat & Charles Humble

Published 27 Mar 2026

Duration: 2397 seconds (39:57)

Modern software development must prioritize container security, updated practices for base images, minimized attack surfaces, SBOMs for dependency tracking, and defense-in-depth strategies to combat supply chain risks and outdated components.

Episode Description

This interview was recorded for GOTO State of the Art in November 2025. https://gotopia.tech Read the full transcription of this interview here: https...

Overview

The podcast discusses critical issues in modern software development, emphasizing container security and the challenges of maintaining up-to-date systems. It explores how containers, while revolutionizing workflows, require new practices to address vulnerabilities in base images, outdated dependencies, and operational complexities in enterprise environments. Key concerns include the limitations of traditional vulnerability scanners, the low signal-to-noise ratio of CVEs (Common Vulnerabilities and Exposures), and the benefits of minimizing image sizes to reduce attack surfaces. The conversation highlights initiatives like Distroless and Chainguard's approach to creating secure, minimalist container images (e.g., Wolfi, a custom OS) that avoid unnecessary dependencies and prioritize source-based builds to mitigate risks from tampered binaries or compromised supply chains.

The discussion also delves into broader security strategies, such as the importance of Software Bills of Materials (SBOMs) for tracking components and dependencies, the role of attestations in verifying software provenance, and the need for layered defense mechanisms (e.g., immutability, container runtime restrictions, and credential management). Real-world examples, like the XZ Utils attack, underscore the risks of open-source supply chain vulnerabilities and the limitations of relying on a single security measure. The podcast advocates for proactive replacement of containers over incremental updates, integration of security data feeds, and education on tools like Chainguard's solutions to improve transparency, consistency, and security in software development and deployment.

Recent Episodes of Goto tech

19 Jun 2026 Continuous Delivery in a World of Constant Change Abby Bangser & Dave Farley

Continuous delivery principles, AI's challenges in code generation, and the necessity of incrementalism, rigorous testing, and human validation in software development are emphasized, alongside critiques of AI's lack of precision and the push for structured validation in high-stakes systems.

16 Jun 2026 Go for Java Programmers Barry Feigenbaum & Shon Saliga

Go emphasizes simplicity, concurrency, and efficiency for lightweight applications through explicit error handling and goroutines, while Java offers a feature-rich, object-oriented framework with extensive libraries and inheritance for complex, general-purpose systems, each suited to distinct development priorities and domains.

12 Jun 2026 Engineering Leadership in Turbulent Times Sarah Wells, Pat Kua & Daniel Terhorst-North

The text contrasts technical leadership and management, highlighting leadership's emphasis on vision and team alignment with management's focus on systems and accountability, while exploring change strategies, frameworks like the "Three Threes Model," challenges in technical debt and cross-functional alignment, and the role of communication, culture, and adaptability in fostering innovation.

9 Jun 2026 Modern Concurrency in Java Bazlur Rahman & Michael Redlich

Modern Java concurrency explores the shift from traditional threads to virtual threads (JDK 21) and structured concurrency, emphasizing scalability for I/O-bound tasks, task management simplification, limitations in CPU-bound work, comparisons with reactive programming, adoption challenges, and the book's unification of knowledge around Project Loom and scoped values for intermediate developers.

5 Jun 2026 Roc & Zig: A Compiler Rewrite Story Anjana Vakil & Richard Feldman

The text covers Roc's evolution as a simplified, statically typed alternative to Elm with a Zig-based compiler, AI's expanding role in software development beyond automation, open-source challenges, education's shift toward conceptual understanding, and the tension between rapid AI-driven productivity and quality-focused project development.